Locking Down the Processor via the Rowhammer Attack
|
|
- Gwendoline Gilmore
- 5 years ago
- Views:
Transcription
1 SGX-BOMB: Locking Down the Processor via the Rowhammer Attack Yeongjin Jang*, Jaehyuk Lee, Sangho Lee, and Taesoo Kim Oregon State University* KAIST Georgia Institute of Technology
2 TL;DR SGX locks up the processor to protect enclaves on any integrity violation SGX-BOMB is a software attack that intentionally violates an enclave s integrity to launch a DoS attack via the Rowhammer attack Processor does nothing if the attack is triggered and requires cold reboot Hard to detect this attack because it runs in an enclave Attackers could lockdown not only a user s machine but also a cloud server by launching this attack 2
3 SGX Encrypts an Enclave s Memory Memory Encryption Engine (MEE) handles the encryption DRAM Encrypts enclave s data with processor s key Attackers on the DRAM cannot see plaintext Confidentiality Core $ EPC??? Attackers could tamper ciphertext but Processor will authenticate data (Integrity) MEE Protect an enclave from hardware attackers 3
4 Integrity Tree Protects the Integrity of EPC Integrity Tree A version tree that stores hash of data Rooted at on-die SRAM Parent node contains the hash of its children nodes Core $ MEE Root DRAM EPC Int Tree EPC Enclaves Updated on each write and checked on each read Any integrity violation can be detected on read access 4
5 Intel Assumes Only Hardware Attackers Can Launch Attacks on EPC Processor isolates EPC from non-enclave accesses Redirect all access to EPC to an abort page (if the origin is not a right enclave) Return 0xffffffffffffffff for all memory read and ignore write Rely on an extension to page table handler Threat model Software attacker cannot access (read/write) to the EPC region Only hardware attacker can tamper the integrity of ciphertext 5
6 On Integrity Violation Integrity violation infers an existence of a hardware attacker Intel took the drop-and-lock policy Processor locks up the memory controller to stop running, to block any further damage on enclaves by the hardware attackers The processor must be rebooted 6
7 On Integrity Violation Integrity violation infers an existence of a hardware attacker No, that s not true. Attackers can induce bit-flips in DRAM without directly accessing them by launching the Rowhammer attack in software Intel took the drop-and-lock policy Processor locks up the memory controller to stop running, to block any further damage on enclaves by the hardware attackers The processor must be rebooted 7
8 SGX-BOMB A processor Denial-of-Service attack against Intel SGX Intentionally trigger drop-and-lock policy by inducing integrity violation using the Rowhammer attack Fast, hideous, and could lockdown the entire server in the cloud Hard to detect; software fix is hard 8
9 The Rowhammer Attack [ISCA 2014] Columns A disturbance attack on the DRAM A hardware vulnerability Rows A DRAM BANK Accessing different rows in a bank could induce disturbance in adjacent row Triggered by purely in software Row Buffer 9
10 The Rowhammer Attack [ISCA 2014] Access Row i-1 and i+1 for multiple times This will induce disturbance in i th row A DRAM BANK (i-1)th row (i) th row (i+1)th row Row Buffer 10
11 The Rowhammer Attack [ISCA 2014] Access Row i-1 and i+1 for multiple times This will induce disturbance in i th row A DRAM BANK (i-1)th row (i) th row (i+1)th row Row Buffer 11
12 The Rowhammer Attack [ISCA 2014] The attack can filp multiple bits in a block DRAM with ECC could not completely block this The attack is triggered by software Breaks Intel s threat assumption No memory access is required The data will be mismatched with Integrity Tree A DRAM BANK (i-1)th row (i) th row (i+1)th row Row Buffer 12
13 Launching Rowhammer in SGX Should know virtual addresses that map to interleaved rows Enclave does not know the physical address (Ring 3) Can be resolved with a timing side-channel (DRAMA [SEC 2016]) Accessing to a different row in the same bank will take more time E.g., 500 cycles for buffered read, 550 cycles for read from a different bank, and 650 cycles for reading conflicting rows SGX does not have a timer (rdtsc is prohibited) Get helped by ocall to call rdtsc after 1,000 times of access Or, we can spawn a thread to count integers (to get # of cycles elapsed) 13
14 Step 1: Finding Rows in the Same Bank Fix an address (p1) For the addresses in enclave (p2), Place a timer Access p1 and p2 multiple times Get the timer value and check Access time > THRESHOLD will be rows in the same bank 600,000 in our test with i7-6700k For 1,000 times of row access 14
15 Step 2: Finding 1-interleaved Rows (i-1, i, i+1) Current SGX driver for Linux uses a naïve scheduler for allocating memory in EPC Virtually adjacent rows are highly likely to be adjacent in the physical space, too Just picking two virtually adjacent rows in the middle (over 32MB space) would be sufficient for the attack 15
16 Step 3: Hammering Rows A DRAM BANK p1 p2 Row Buffer 16
17 DEMO 17
18 Result We observed that SGX-BOMB can happen in normal settings Core i7-6700k (Skylake), 8GB DDR4-2133Mhz DRAM Took 283 seconds Much faster attack time in higher refresh rate Refresh time (ms) 64 (default) Attack time s 1s 18
19 Implications of the SGX-BOMB attack SGX-BOMB on a cloud provider (e.g., Amazon EC2) could lock a processor in the could server This will lock the entire server instance because QPIs and NUMA would fail All tenants suffer reboot Rebooting the cloud machine would affect on the SLA a lot Amazon guarantees 99.95% SLA Reloading working memory set in redis and memcached requires long time The attack can also lock an end-user s machine 19
20 The Rowhammer Attack in Enclaves SGX-BOMB attack is easier to launch than other attacks Only require one flip in any block in the EPC region (~128MB) Do not require a specific bit to flip; unlike flipping bits in private key (FFS), etc. Detection of SGX-BOMB is harder Cannot inspect application; an enclave can load executables dynamically Cannot use PMU to monitor in-enclave operations (ANVIL & Linux) Anti side-channel inference (ASCI) in effect 20
21 Root-cause is in DRAM Not a design flaw of SGX Target Row Refresh (TRR) Standardized in LPDDR3, but not in both DDR3 and DDR4 Intel s Pseudo-TRR (ptrr) is in the processor, but still non-compliant vulnerable DRAMs are in the market ECC could mitigate SGX-BOMB, but cannot completely block it Multiple bit flips (2 or more) in one block are possible 21
22 Potential Software Mitigations? CATT/GATT [SEC 2017] could be a solution Block any access to the adjacent rows of the rows of the EPC region Changing memory allocation scheduling also helps Make finding adjacent row harder Use Uncore PMU for detection ASCI does not hide information for Uncore PMU e.g., [L3 miss from Uncore PMU] aggregated([l3 access from core PMU]) = [L3 access from enclaves] 22
23 Better Defense than Drop-and-Lock? It is the sole problem of a malicious enclave, but drop-and-lock stops all executions of a processor Better options? Let regular operations go on while disabling further SGX execution Just kill the target enclave that owns the violated block in EPC EPCM contains the information Both approaches require hardware modification 23
24 Conclusion Intel SGX locks the processor if any of integrity violation detected on accessing EPC memory It assumes the violation can only happen if there is a hardware attack SGX-BOMB can tamper the data in EPC memory via the Rowhammer attack, which is in software manner, to trigger processor lock SGX-BOMB can lockdown cloud servers equipped with SGX and is hard to be detected by existing Rowhammer defenses 24
SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis
More informationBreaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A statistical
More informationSGXBounds Memory Safety for Shielded Execution
SGXBounds Memory Safety for Shielded Execution Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia *, Pascal Felber, Christof Fetzer TU Dresden, * The University of Edinburgh,
More informationRowhammer.js: A Remote Software- Induced Fault Attack in Javascript
Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology, Austria Rowhammer bug (I) Different DRAM cells can
More informationCSE 127 Computer Security
CSE 127 Computer Security Stefan Savage, Spring 2018, Lecture 19 Hardware Security: Meltdown, Spectre, Rowhammer Vulnerabilities and Abstractions Abstraction Reality Vulnerability Review: ISA and µarchitecture
More informationRapid Detection of RowHammer Attacks using Dynamic Skewed Hash Tree
Rapid Detection of RowHammer Attacks using Dynamic Skewed Hash Tree SARU VIG SIEW-KEI LAM N A N YA N G T E C H N O LO G I C A L U N I V E R S I T Y, S I N G A P O R E SARANI BHAT TACHARYA DEBDEEP MUKHOPADHYA
More informationIntel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron
Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,
More informationA Comparison Study of Intel SGX and AMD Memory Encryption Technology
A Comparison Study of Intel SGX and AMD Memory Encryption Technology Saeid Mofrad, Fengwei Zhang Shiyong Lu Wayne State University {saeid.mofrad, Fengwei, Shiyong}@wayne.edu Weidong Shi (Larry) University
More informationT-SGX: Eradicating Controlled-Channel
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs Ming-Wei Shih Sangho Lee Taesoo Kim Marcus Peinado Georgia Institute of Technology Microsoft Research 2 3 Intel SGX aims to secure
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationRowhammer.js: Root privileges for web apps?
Rowhammer.js: Root privileges for web apps? Daniel Gruss (@lavados) 1, Clémentine Maurice (@BloodyTangerine) 2 1 IAIK, Graz University of Technology / 2 Technicolor and Eurecom 1 Rennes Graz Clémentine
More informationFrom bottom to top: Exploiting hardware side channels in web browsers
From bottom to top: Exploiting hardware side channels in web browsers Clémentine Maurice, Graz University of Technology July 4, 2017 RMLL, Saint-Étienne, France Rennes Graz Clémentine Maurice PhD since
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationIntel SGX Virtualization
Sean Christopherson Intel Intel SGX Virtualization KVM Forum 2018 Traditional VM Landscape App s secrets accessible by any privileged entity, e.g. VMM and OS App App App or a malicious app that has exploited
More informationProtection. Disclaimer: some slides are adopted from book authors slides with permission 1
Protection Disclaimer: some slides are adopted from book authors slides with permission 1 Today Protection Security 2 Examples of OS Protection Memory protection Between user processes Between user and
More informationLeveraging Intel SGX to Create a Nondisclosure Cryptographic library
CS 2530 - Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H Mofrad & Spencer L Gray University of Pittsburgh Thursday, December
More informationCurious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis
Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis Sarani Bhattacharya 1 and Debdeep Mukhopadhyay 1 Department of Computer Science and Engineering Indian Institute of Technology,
More informationProtection. Disclaimer: some slides are adopted from book authors slides with permission 1
Protection Disclaimer: some slides are adopted from book authors slides with permission 1 Today Protection Security 2 Examples of OS Protection Memory protection Between user processes Between user and
More informationScotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage
Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage Kevin Leach 1, Fengwei Zhang 2, and Westley Weimer 1 1 University of Michigan, 2 Wayne State University
More informationMalware Guard Extension: Using SGX to Conceal Cache Attacks
Malware Guard Extension: Using SGX to Conceal Cache Attacks Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria Abstract. In modern
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationDRAM Disturbance Errors
http://www.ddrdetective.com/ http://users.ece.cmu.edu/~yoonguk/ Flipping Bits in Memory Without Accessing Them An Experimental Study of DRAM Disturbance Errors Yoongu Kim Ross Daly, Jeremie Kim, Chris
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More information3 things that Rowhammer taught me. and their implications for future security research
3 things that Rowhammer taught me and their implications for future security research Who am I? Reverse engineer since 1997, vuln development since 1999 Started reverse-engineering company zynamics in
More informationARCHITECTURAL TECHNIQUES TO ENHANCE DRAM SCALING. Thesis Defense Yoongu Kim
ARCHITECTURAL TECHNIQUES TO ENHANCE DRAM SCALING Thesis Defense Yoongu Kim CPU+CACHE MAIN MEMORY STORAGE 2 Complex Problems Large Datasets High Throughput 3 DRAM Module DRAM Chip 1 0 DRAM Cell (Capacitor)
More informationSide Channels and Runtime Encryption Solutions with Intel SGX
Leader in Runtime Encryption Whitepaper Side Channels and Runtime Encryption Solutions with Intel SGX by Andy Leiserson, Chief Architect at Fortanix Executive Summary Introduction to Side Channel Attacks
More informationWhen Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins Michael Schwarz, Moritz Lipp michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at Abstract In our talk, we show that despite all
More informationSanctum: Minimal HW Extensions for Strong SW Isolation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &
More informationMemory Defenses. The Elevation from Obscurity to Headlines. Rajeev Balasubramonian School of Computing, University of Utah
Memory Defenses The Elevation from Obscurity to Headlines Rajeev Balasubramonian School of Computing, University of Utah Image sources: pinterest, gizmodo 2 Spectre Overview Victim Code x is controlled
More informationSlalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramèr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating
More informationHacking in Darkness: Return-oriented Programming against Secure Enclaves
Hacking in Darkness: Return-oriented Programming against Secure Enclaves Jaehyuk Lee and Jinsoo Jang, KAIST; Yeongjin Jang, Georgia Institute of Technology; Nohyun Kwak, Yeseul Choi, and Changho Choi,
More informationWhen Good Protections Go Bad: Exploiting Anti-DoS Measures to Accelerate Rowhammer Attacks
When Good Protections Go Bad: Exploiting Anti-DoS Measures to Accelerate Rowhammer Attacks Misiker Tadesse Aga Zelalem Birhanu Aweke Todd Austin misiker@umich.edu zaweke@umich.edu austin@umich.edu University
More informationANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, and Todd Austin University
More informationMalware Guard Extension: Using SGX to Conceal Cache Attacks (Extended Version)
Malware Guard Extension: Using SGX to Conceal Cache Attacks (Exted Version) Michael Schwarz Graz University of Technology Email: michael.schwarz@iaik.tugraz.at Samuel Weiser Graz University of Technology
More informationObliviate: A Data Oblivious File System for Intel SGX. Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee
Obliviate: A Data Oblivious File System for Intel SGX Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee 1 Clouds? The Ultimate Dream? User Clouds 2 Clouds? The Ultimate Dream? User Clouds
More informationInferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, and Hyesoon Kim, Georgia Institute of Technology; Marcus Peinado, Microsoft
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Securing Clouds Goal: Learn about different techniques for protecting a cloud against
More informationVirtual Memory Wrap Up
Virtual Memory Wrap Up CSE 351 Autumn 2017 Instructor: Justin Hsia Teaching Assistants: Lucas Wotton Michael Zhang Parker DeWilde Ryan Wong Sam Gehman Sam Wolfson Savanna Yee Vinny Palaniappan Administrivia
More informationBinding keys to programs using Intel SGX remote attestation
Binding keys to programs using Intel SGX remote attestation Mark D. Ryan London Crypto Day 22 September 2017 1 Intel SGX Intel SGX is a set of processor instructions which allow one: To set up an enclave
More informationTechnical Solutions Novel Challenges to Privacy Privacy Enhancing Technologies Examples
Muhammad Eka WIJAYA Technical Solutions Novel Challenges to Privacy Privacy Enhancing Technologies Examples How to Address Privacy in Ubiquitous Work Understand Application Define Problem Know Tools 2
More informationLeaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel
More informationSGX memory oversubscription
SGX memory oversubscription Somnath Chakrabarti, Rebekah Leslie-Hurd, Mona Vij, Frank McKeen, Carlos Rozas, Dror Caspi, llya Alexandrovich, Ittai Anati {somnath.chakrabarti, rebekah.leslie-hurd, mona.vij,
More informationECE 571 Advanced Microprocessor-Based Design Lecture 17
ECE 571 Advanced Microprocessor-Based Design Lecture 17 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 3 April 2018 HW8 is readings Announcements 1 More DRAM 2 ECC Memory There
More informationHardware Enclave Attacks CS261
Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Service (IAS) Process Enclave Untrusted Trusted Enclave Code Enclave Data Process Process Other Enclave OS and/or Hypervisor
More informationCPS 510 final exam, 4/27/2015
CPS 510 final exam, 4/27/2015 Your name please: This exam has 25 questions worth 12 points each. For each question, please give the best answer you can in a few sentences or bullets using the lingo of
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationBit Flips in Memory Rowhammer Attacks and Defenses
Bit Flips in Memory Rowhammer Attacks and Defenses Memory Corruption Attacks Software code injection return-oriented programming Data Code Hardware Memory Corruption Attacks Software code injection return-oriented
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationLecture Secure, Trusted and Trustworthy Computing Introduction to SGX
Lecture Secure, and Trustworthy Computing Introduction to Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Intel Software Guard Extensions
More informationCIS 4360 Secure Computer Systems SGX
CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure
More informationBUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX
BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX FLORIAN KERSCHBAUM, UNIVERSITY OF WATERLOO JOINT WORK WITH BENNY FUHRY (SAP), ANDREAS FISCHER (SAP) AND MANY OTHERS DO YOU TRUST YOUR CLOUD SERVICE
More informationGuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM Victor van der Veen 1, Martina Lindorfer 3, Yanick Fratantonio 4, Harikrishnan Padmanabha Pillai 2, Giovanni Vigna 3, Christopher Kruegel
More informationDiscount Kaspersky PURE 3.0 internet download software for windows 8 ]
Discount Kaspersky PURE 3.0 internet download software for windows 8 ] Description: Extended benefits Award-winning protection against all types of Internet threats Online shopping, banking and social
More informationOverview of Information Security
Overview of Information Security Lecture By Dr Richard Boateng, UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Pag. 1 and UGBS Outline Information
More informationA MEASUREMENT STUDY ON CO-RESIDENCE THREAT INSIDE THE CLOUD
1 A MEASUREMENT STUDY ON CO-RESIDENCE THREAT INSIDE THE CLOUD Zhang Xu College of William and Mary Haining Wang University of Delaware Zhenyu Wu NEC Laboratories America 2 Cloud Becomes Tempting Target
More informationecture 33 Virtual Memory Friedland and Weaver Computer Science 61C Spring 2017 April 12th, 2017
ecture 33 Computer Science 61C Spring 2017 April 12th, 2017 Virtual Memory 1 Multiprogramming The OS runs multiple applications at the same time. But not really: have many more processes/threads than available
More informationSlalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramèr (joint work with Dan Boneh) Stanford security lunch June 13 th Trusted execution of ML: 3 motivating
More informationFPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING KIT Die Forschungsuniversität in der Helmholtz-Gemeinschaft
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationMicro-architectural Attacks. Chester Rebeiro IIT Madras
Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript and HTML5 (due to restricted
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More information15-740/ Computer Architecture Lecture 19: Main Memory. Prof. Onur Mutlu Carnegie Mellon University
15-740/18-740 Computer Architecture Lecture 19: Main Memory Prof. Onur Mutlu Carnegie Mellon University Last Time Multi-core issues in caching OS-based cache partitioning (using page coloring) Handling
More informationLanguage-Based Protection
Language-Based Protection Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. Language implementation can provide
More informationVirtual Memory III. CSE 351 Autumn Instructor: Justin Hsia
Virtual Memory III CSE 351 Autumn 2016 Instructor: Justin Hsia Teaching Assistants: Chris Ma Hunter Zahn John Kaltenbach Kevin Bi Sachin Mehta Suraj Bhat Thomas Neuman Waylon Huang Xi Liu Yufang Sun https://xkcd.com/720/
More informationSecuring Cloud Computing
Securing Cloud Computing NLIT Summit, May 2018 PRESENTED BY Jeffrey E. Forster jeforst@sandia.gov Lucille Forster lforste@sandia.gov Sandia National Laboratories is a multimission laboratory managed and
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationCS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis
CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE
More informationCS 33. Architecture and Optimization (3) CS33 Intro to Computer Systems XVI 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
CS 33 Architecture and Optimization (3) CS33 Intro to Computer Systems XVI 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Hyper Threading Instruction Control Instruction Control Retirement Unit
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationComputer Architecture. Memory Hierarchy. Lynn Choi Korea University
Computer Architecture Memory Hierarchy Lynn Choi Korea University Memory Hierarchy Motivated by Principles of Locality Speed vs. Size vs. Cost tradeoff Locality principle Temporal Locality: reference to
More informationCurious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis
Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur CHES 2016 August 19, 2016 Objective
More informationGraphene-SGX. A Practical Library OS for Unmodified Applications on SGX. Chia-Che Tsai Donald E. Porter Mona Vij
Graphene-SGX A Practical Library OS for Unmodified Applications on SGX Chia-Che Tsai Donald E. Porter Mona Vij Intel SGX: Trusted Execution on Untrusted Hosts Processing Sensitive Data (Ex: Medical Records)
More informationCS 61C: Great Ideas in Computer Architecture (Machine Structures) Intro to Virtual Memory
CS 61C: Great Ideas in Computer Architecture (Machine Structures) Intro to Virtual Memory Instructors: Vladimir Stojanovic and Nicholas Weaver http://inst.eecs.berkeley.edu/~cs61c/ 1 Agenda Multiprogramming/time-sharing
More informationCache Side Channel Attacks on Intel SGX
Cache Side Channel Attacks on Intel SGX Princeton University Technical Report CE-L2017-001 January 2017 Zecheng He Ruby B. Lee {zechengh, rblee}@princeton.edu Department of Electrical Engineering Princeton
More informationTUX : Trust Update on Linux Kernel
TUX : Trust Update on Linux Kernel Suhho Lee Mobile OS Lab, Dankook university suhho1993@gmail.com -- Hyunik Kim, and Seehwan Yoo {eternity13, seehwan.yoo}@dankook.ac.kr Index Intro Background Threat Model
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationConcurrency. Glossary
Glossary atomic Executing as a single unit or block of computation. An atomic section of code is said to have transactional semantics. No intermediate state for the code unit is visible outside of the
More informationCrypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016
Crypto tidbits: misuse, side channels Slides from Dave Levin 414-spring2016 A paper from 2013 that looked at how Android apps use crypto, as a function of 6 rules that reflect the bare minimum a secure
More informationarxiv: v2 [cs.cr] 30 Aug 2017
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX Wenhao Wang 1, Guoxing Chen 3, Xiaorui Pan 2, Yinqian Zhang 3, XiaoFeng Wang 2, Vincent Bindschaedler 4, Haixu Tang 2,
More informationComputer Architecture Background
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 2b Computer Architecture Background Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical & Computer Engineering
More informationEEM 486: Computer Architecture. Lecture 9. Memory
EEM 486: Computer Architecture Lecture 9 Memory The Big Picture Designing a Multiple Clock Cycle Datapath Processor Control Memory Input Datapath Output The following slides belong to Prof. Onur Mutlu
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationCLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.
CLASS AGENDA INTEL SGX OVERVIEW... DEVELOPER TOOLKIT... DEVELOPING FOR INTEL SGX... BREAK FOR LUNCH... PROVISIONING SECRETS... DATA SEALING...... 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00
More informationSecurity Principles & Sandboxes
Security Principles & Sandboxes CS 161: Computer Security Prof. Raluca Ada Popa January 25, 2018 Some slides credit Nick Weaver or David Wagner. Announcements Homework 1 is out, due on Monday Midterm 1
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationThis presentation covers Gen Z s Security capabilities.
This presentation covers Gen Z s Security capabilities. 1 2 Gen Z architecture assumes every component is an attack vector. This is critical to appreciate, as time and again cyber attacks have exploited
More informationGreen Lights Forever: Analyzing the Security of Traffic Infrastructure
Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader
More informationBreaking Hardware Wallets
Breaking Hardware Wallets Breaking Bitcoin September 2017 Nicolas Bacca @btchip Why Hardware Wallets? - high level overview YES NO Public data Do you want to send 1.337 BTC to 1UnREADABLE Operations on
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationLECTURE 5: MEMORY HIERARCHY DESIGN
LECTURE 5: MEMORY HIERARCHY DESIGN Abridged version of Hennessy & Patterson (2012):Ch.2 Introduction Programmers want unlimited amounts of memory with low latency Fast memory technology is more expensive
More informationCOSC 6385 Computer Architecture - Memory Hierarchies (II)
COSC 6385 Computer Architecture - Memory Hierarchies (II) Edgar Gabriel Spring 2018 Types of cache misses Compulsory Misses: first access to a block cannot be in the cache (cold start misses) Capacity
More informationRacing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. CS 563 Young Li 10/31/18
Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races CS 563 Young Li 10/31/18 Intel Software Guard extensions (SGX) and Hyper-Threading What is Intel SGX? Set of
More information1.264 Lecture 26. Security protocols. Next class: Anderson chapter 4. Exercise due before class
1.264 Lecture 26 Security protocols Next class: Anderson chapter 4. Exercise due before class 1 Encryption Encryption is the process of: Transforming information (referred to as plaintext) Using an algorithm
More informationECE 485/585 Midterm Exam
ECE 485/585 Midterm Exam Time allowed: 100 minutes Total Points: 65 Points Scored: Name: Problem No. 1 (12 points) For each of the following statements, indicate whether the statement is TRUE or FALSE:
More informationSecurity Setup CHAPTER
CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationSymlink attacks. Do not assume that symlinks are trustworthy: Example 1
Symlink attacks Do not assume that symlinks are trustworthy: Example 1 Application A creates a file for writing in /tmp. It assumes that since the file name is unusual, or because it encodes A's name or
More informationControlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. Yuanzhong Xu, Weidong Cui, Marcus Peinado
: Deterministic Side Channels for Untrusted Operating Systems Yuanzhong Xu, Weidong Cui, Marcus Peinado 2 Goal Protect the data of applications running on remote hardware 3 New tech Trusted Platform Modules
More information